README
¶
stategate
A secure pluggable API that enforces the Event Sourcing Pattern for persisting & broadcasting application state changes
Features
- 4 simple API Methods for interacting with application state:
SetObject, GetObject, StreamEvents, SearchEvents - Capture all changes to an application state as a sequence of events.
- Native gRPC support
- Embedded REST support
/(transcoding) - Embedded grpcweb support (transcoding)
- Metrics Server(prometheus/pprof)
- Authentication - JWT/OAuth with remote JWKS verification
- Authorization - Rego based Authorization engine
- Autogenerated Client gRPC SDK's
- Structured JSON Logs
- Sample Kubernetes Manifest
- Pluggable "Channel" Providers
- Nats
- Nats Streaming(Stan)
- Redis
- Kafka
- RabbitMQ
- Google PubSub
- AWS SQS
- Azure Queue
- Pluggable "Storage" Providers
- MongoDb
- PostgreSQL
- MySQL
- Cassandra
Concepts
Goals
- Create a simple API interface for storing state and and subscribing to state changes(events) using pluggable channel & storage providers
- Capture all changes to an application state as a sequence of events.
- Safe to swap backend providers without changing client-side code
- Type-safe client's generated in many languages
- Safe to expose to the public internet due to fine-grained authentication/authorization model.
- Different combinations of Channel & Storage Providers are interoperable.
- Capture a persistant, immutable historical record of all state changes using a pluggable storage provider
- Store identity(jwt.claims) & timestamp in event logs to capture who is changing what & when
Command Line
stategate -h
Usage of stategate:
--config string path to config file (env: STATEGATE_CONFIG) (default "config.yaml")
Sample Config
# port to serve on. metrics server is started on this port+1 if enabled
port: 8080
cors:
allowed_origins:
- "*"
allowed_methods:
- "POST"
- "PUT"
- "GET"
- "OPTIONS"
allowed_headers:
- "*"
#tls:
# cert_file: "/tmp/server.cert"
# key_file: "/tmp/server.key"
logging:
# enable debug logs
debug: true
backend:
# pluggable channel providers: [inmem, redis, nats, stan, kafka, google-pubsub, aws-sqs]
channel_provider:
name: "nats"
config:
addr: "0.0.0.0:4444"
# client_cert_file: "/tmp/nats.cert"
# client_key_file: "/tmp/nats.key"
# channel_provider:
# name: "redis"
# config:
# addr: "0.0.0.0:6379"
# user: "default"
# password: "admin1234"
# client_cert_file: "/tmp/redis.cert"
# client_key_file: "/tmp/redis.key"
# channel_provider:
# name: "stan"
# config:
# addr: "0.0.0.0:4444"
# client_cert_file: "/tmp/stan.cert"
# client_key_file: "/tmp/stan.key"
# pluggable storage providers: [mongo, elasticsearch]
storage_provider:
name: "mongo"
config:
addr: "mongodb://localhost:27017/testing"
database: "testing"
# client_cert_file: "/tmp/mongo.cert"
# client_key_file: "/tmp/mongo.key"
# authentication options
authentication:
# json web keys uri for authentication.
# if empty, inbound jwt's will not be verified.
jwks_uri: ""
# authorization options
authorization:
requests: |
package stategate.authz
default allow = false
allow {
input.claims.sub = "1234567890"
input.claims.name = "John Doe"
}
responses: |
package stategate.authz
default allow = true
Notes
Directories
Click to show internal directories.
Click to hide internal directories.